Use c/common upstream version for rpm with Epoch bump
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254254 Keeping the Version set to `1` with autorelease can cause installation issues. With this commit, the c/common upstream version will be used for rpm version so that there will be regular rpm version changes. Packages dependent on containers-common can then use `>= epoch:version` for dependency resolution. Another change with this commit is that `update.sh.rawhide` has been removed and all the rawhide specific logic has been added to `update.sh` itself. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit is contained in:
Lokesh Mandvekar
parent
28c879f872
commit
1c296038d7
@ -4,15 +4,15 @@
|
||||
# pick the oldest version on c/image, c/common, c/storage vendored in
|
||||
# Buildah/Podman/Skopeo.
|
||||
%global image_branch main
|
||||
%global common_branch main
|
||||
%global common_branch v%{version}
|
||||
%global storage_branch main
|
||||
%global shortnames_branch main
|
||||
|
||||
%global github_containers https://raw.githubusercontent.com/containers
|
||||
|
||||
Epoch: 4
|
||||
Epoch: 5
|
||||
Name: containers-common
|
||||
Version: 1
|
||||
Version: 0.57.1
|
||||
Release: %autorelease
|
||||
License: Apache-2.0
|
||||
BuildArch: noarch
|
||||
|
||||
@ -278,6 +278,9 @@ based file systems.
|
||||
**size**=""
|
||||
Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
|
||||
|
||||
**use_composefs** = "false"
|
||||
Use ComposeFS to mount the data layers image. ComposeFS support is experimental and not recommended for production use. (default: false)
|
||||
|
||||
### STORAGE OPTIONS FOR VFS TABLE
|
||||
|
||||
The `storage.options.vfs` table supports the following options:
|
||||
|
||||
@ -340,14 +340,6 @@ log_driver = "journald"
|
||||
# "/usr/lib/netavark",
|
||||
#]
|
||||
|
||||
# The firewall driver to be used by netavark.
|
||||
# The default is empty which means netavark will pick one accordingly. Current supported
|
||||
# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
|
||||
# experimental at the moment and not recommend outside of testing). In the future we are
|
||||
# planning to add support for a "nftables" driver.
|
||||
#firewall_driver = ""
|
||||
|
||||
|
||||
# The network name of the default network to attach pods to.
|
||||
#
|
||||
#default_network = "podman"
|
||||
|
||||
@ -449,14 +449,6 @@ and __$HOME/.config/cni/net.d__ as rootless.
|
||||
For the netavark backend "/etc/containers/networks" is used as root
|
||||
and "$graphroot/networks" as rootless.
|
||||
|
||||
**firewall_driver**=""
|
||||
|
||||
The firewall driver to be used by netavark.
|
||||
The default is empty which means netavark will pick one accordingly. Current supported
|
||||
drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
|
||||
experimental at the moment and not recommend outside of testing). In the future we are
|
||||
planning to add support for a "nftables" driver.
|
||||
|
||||
**dns_bind_port**=53
|
||||
|
||||
Port to use for dns forwarding daemon with netavark in rootful bridge
|
||||
|
||||
@ -4,29 +4,11 @@
|
||||
"type": "insecureAcceptAnything"
|
||||
}
|
||||
],
|
||||
"transports": {
|
||||
"docker": {
|
||||
"registry.access.redhat.com": [
|
||||
{
|
||||
"type": "signedBy",
|
||||
"keyType": "GPGKeys",
|
||||
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
|
||||
}
|
||||
],
|
||||
"registry.redhat.io": [
|
||||
{
|
||||
"type": "signedBy",
|
||||
"keyType": "GPGKeys",
|
||||
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
|
||||
}
|
||||
]
|
||||
},
|
||||
"docker-daemon": {
|
||||
"": [
|
||||
{
|
||||
"type": "insecureAcceptAnything"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"transports":
|
||||
{
|
||||
"docker-daemon":
|
||||
{
|
||||
"": [{"type":"insecureAcceptAnything"}]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -75,5 +75,3 @@ unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.
|
||||
# # 2. example-mirror-1.local/mirrors/foo/image:latest
|
||||
# # 3. internal-registry-for-example.com/bar/image:latest
|
||||
# # in order, and use the first one that exists.
|
||||
|
||||
short-name-mode="enforcing"
|
||||
|
||||
10
storage.conf
10
storage.conf
@ -47,9 +47,8 @@ graphroot = "/var/lib/containers/storage"
|
||||
|
||||
# AdditionalImageStores is used to pass paths to additional Read/Only image stores
|
||||
# Must be comma separated list.
|
||||
#additionalimagestores = [
|
||||
#"/usr/lib/containers/storage",
|
||||
#]
|
||||
additionalimagestores = [
|
||||
]
|
||||
|
||||
# Allows specification of how storage is populated when pulling images. This
|
||||
# option can speed the pulling process of images compressed with format
|
||||
@ -71,7 +70,7 @@ graphroot = "/var/lib/containers/storage"
|
||||
# Tells containers/storage where an ostree repository exists that might have
|
||||
# previously pulled content which can be used when attempting to avoid
|
||||
# pulling content from the container registry
|
||||
pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
|
||||
pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
|
||||
|
||||
# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
|
||||
# a container, to the UIDs/GIDs as they should appear outside of the container,
|
||||
@ -131,6 +130,9 @@ mountopt = "nodev,metacopy=on"
|
||||
# Set to skip a PRIVATE bind mount on the storage home directory.
|
||||
# skip_mount_home = "false"
|
||||
|
||||
# Set to use composefs to mount data layers with overlay.
|
||||
# use_composefs = "false"
|
||||
|
||||
# Size is used to set a maximum size of the container image.
|
||||
# size = ""
|
||||
|
||||
|
||||
27
update.sh
27
update.sh
@ -1,19 +1,28 @@
|
||||
#!/usr/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eox pipefail
|
||||
|
||||
spectool -fg containers-common.spec
|
||||
|
||||
echo "Changing storage.conf..."
|
||||
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
|
||||
-e '/additionalimage.*/a "/usr/lib/containers/storage",' \
|
||||
storage.conf
|
||||
if [[ $(git rev-parse --abbrev-ref HEAD) == "rawhide" ]]; then
|
||||
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
|
||||
-e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \
|
||||
storage.conf
|
||||
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
|
||||
containers.conf
|
||||
else
|
||||
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' \
|
||||
-e '/additionalimage.*/a "/usr/lib/containers/storage",' \
|
||||
storage.conf
|
||||
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
|
||||
containers.conf
|
||||
fi
|
||||
|
||||
echo "Changing seccomp.json..."
|
||||
[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
|
||||
"keyctl",' seccomp.json
|
||||
sed -i '/\"socketcall\",/i \
|
||||
"socket",' seccomp.json
|
||||
|
||||
echo "Changing registries.conf..."
|
||||
sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \
|
||||
registries.conf
|
||||
|
||||
@ -22,8 +31,4 @@ if [[ $? == 1 ]]; then
|
||||
echo -e '\nshort-name-mode="enforcing"' >> registries.conf
|
||||
fi
|
||||
|
||||
echo "Changing containers.conf..."
|
||||
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
|
||||
containers.conf
|
||||
|
||||
git checkout origin default-policy.json
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
spectool -fg containers-common.spec
|
||||
|
||||
echo "Changing storage.conf..."
|
||||
sed -i -e 's/^driver.*=.*/driver = "overlay"/' -e 's/^mountopt.*=.*/mountopt = "nodev,metacopy=on"/' -e 's/^pull_options.*=.*/pull_options = {enable_partial_images = \"true\", use_hard_links = \"false\", ostree_repos=""}/' \
|
||||
storage.conf
|
||||
|
||||
echo "Changing seccomp.json..."
|
||||
[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
|
||||
"keyctl",' seccomp.json
|
||||
sed -i '/\"socketcall\",/i \
|
||||
"socket",' seccomp.json
|
||||
|
||||
echo "Changing registries.conf..."
|
||||
sed -i 's/^#.*unqualified-search-registries.*=.*/unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]/g' \
|
||||
registries.conf
|
||||
|
||||
grep '\nshort-name-mode="enforcing"' registries.conf
|
||||
if [[ $? == 1 ]]; then
|
||||
echo -e '\nshort-name-mode="enforcing"' >> registries.conf
|
||||
fi
|
||||
|
||||
echo "Changing containers.conf..."
|
||||
sed -i -e 's/^#.*log_driver.*=.*/log_driver = "journald"/' \
|
||||
-e 's/^#.*compression_format.*=.*/compression_format = "zstd:chunked"/' \
|
||||
containers.conf
|
||||
|
||||
git checkout origin default-policy.json
|
||||
Loading…
Reference in New Issue
Block a user